I just passed a Cisco SMB Field Engineer cert for my company and one of the persistent ideas is redundancy through dual internet connections on one or more routers. In the SMB, I figure that the chances are that this is going to probably be on one single router to keep the price point low in many deployments.
While going through the CCNP the only way I learned how to do load balancing over multiple Internet connections was by using BGP. I understand that you can still have redundancy with two or more internet connections (not using BGP) on a router using something as simple as a floating static route but I figure there has to be a way to also "load balance" the connections without using BGP. Who wants to configure BGP in an SMB after all?? I'm talking a small biz with a cable modem and a DSL link or maybe a TLS and a DSL backup or something of the sort. Probably on something like a 2811 router? Is there a really simple way to load balance internet connections on a Cisco router? Or maybe the BGP way isn't really a big deal and I'm just making too big a deal out of it, as the truth is I've never had to configure it since I got my CCNP.
I have seen a few examples that look like they might do this using NAT, route maps, and SLA on Cisco.com and other places. To tell the truth though I'm still not sure if I'm reading the right thing as the explanations are either non-existent or low on content.
So does anyone know an easy way for an SMB to load balance over two Internet links on a single Cisco router like a 2811? I would appreciate an answer because I just can't believe that BGP is the only answer. If it is then so be it but there has to be another (read easier) way!
Thanks for Your Help!!!
Optimised Edge Routing (OER) measures response times and then will determine the fastest response and choose the best ISP to use for each individual IP address. See www.cisco.com for details.
So this is Cisco's config for load balancing two internet connections using NAT. This was labbed with a 1811 router according to Cisco. It basically is supposed to load balance by NATing individual connections across both links round robin style. The only problem is I don't see what in this config causes this round robin behavior. I can only think that this is done automatically because there are two separate NAT statements. The SLA tracking objects appear to be there only to remove a default route in the case of one of the connections going down. The route-maps don't appear to do much really because they both use the same ACL in their match statements? What am I missing here? I guess I should just try it and if it works believe it, but I'm in a grubby hotel in a rural town as I'm on a project setting up VPNs to a few remote sites...I'm just lucky I have internet right now..lol. So anyway, I would really like to understand this config here. Can anyone tell me what part of this config actually causes the round robin NAT load balancing, or is there a better way to do Internet load balancing without BGP and it's not what I've got below?
BTW--the below config is a little confusing as Cisco is using one Internet connection that terminates as Ethernet (cable modem / TLS / DSL) and is getting its IP and default route through DHCP, and another PPPoE/DSL that gets its IP through DHCP but not its route. The PPPoE connection's route is a static that is just next-hopping out the interface instead of to an IP.
track timer interface 5
!
! Configure timers on route tracking
!
track 123 rtr 1 reachability
 delay down 15 up 10
!
track 345 rtr 2 reachability
 delay down 15 up 10
!
! Use "ip dhcp client route track [number]"
! to monitor route on DHCP interfaces
! Define ISP-facing interfaces with "ip nat outside"
!
interface FastEthernet0
 ip address dhcp
 ip dhcp client route track 345
 ip nat outside
 ip virtual-reassembly
!
interface FastEthernet1
 no ip address
 pppoe enable
 no cdp enable
!
interface FastEthernet2
 no cdp enable
!
interface FastEthernet3
 no cdp enable
!
interface FastEthernet4
 no cdp enable
!
interface FastEthernet5
 no cdp enable
!
interface FastEthernet6
 no cdp enable
!
interface FastEthernet7
 no cdp enable
!
interface FastEthernet8
 no cdp enable
!
interface FastEthernet9
 no cdp enable
!
! Define LAN-facing interfaces with "ip nat inside"
!
interface Vlan1
 description LAN Interface
 ip address 192.168.108.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
! Define ISP-facing interfaces with "ip nat outside"
!
interface Dialer0
 description PPPoX dialer
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 ! adjust-mss value assumed to match Vlan1; it was missing from the posted text
 ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 Dialer0 track 123
!
! Configure NAT overload (PAT) to use route-maps
!
ip nat inside source route-map fixed-nat interface Dialer0 overload
ip nat inside source route-map dhcp-nat interface FastEthernet0 overload
!
! Configure an OER tracking entry
! to monitor the first ISP connection
!
ip sla 1
 icmp-echo 172.16.108.1 source-interface Dialer0
 timeout 1000
 threshold 40
 frequency 3
!
! Configure a second OER tracking entry
! to monitor the second ISP connection
!
ip sla 2
 icmp-echo 172.16.106.1 source-interface FastEthernet0
 timeout 1000
 threshold 40
 frequency 3
!
! Set the SLA schedule and duration
!
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
!
! Define ACLs for traffic that
! will be NATed to the ISP connections
!
access-list 110 permit ip 192.168.108.0 0.0.0.255 any
!
! Route-maps associate NAT ACLs with NAT
! outside on the ISP-facing interfaces
!
route-map fixed-nat permit 10
 match ip address 110
 match interface Dialer0
!
route-map dhcp-nat permit 10
 match ip address 110
 match interface FastEthernet0
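Added illustration (not from the thread or the Cisco document): a Python model of what the posted config does per flow. The sharing comes from the two equal-cost default routes being selected per destination (CEF's default load-sharing mode), and each route-map's "match interface" then picks the NAT address for whichever exit the routing lookup chose; a track going down withdraws its default and moves every flow to the other link. The outside addresses and the hash are constructed stand-ins.

```python
import hashlib

# Constructed model of the posted dual-ISP config: interface names, track
# numbers and the LAN prefix come from the thread; the outside addresses and
# the hash are stand-ins, not IOS internals.

class DualIspRouter:
    def __init__(self):
        # 'track 123 rtr 1 reachability' / 'track 345 rtr 2 reachability'
        self.track_up = {123: True, 345: True}
        # 'ip route 0.0.0.0 0.0.0.0 Dialer0 track 123' and the DHCP default
        # on FastEthernet0 ('ip dhcp client route track 345'), equal cost
        self.defaults = [("Dialer0", 123), ("FastEthernet0", 345)]
        # 'ip nat inside source route-map <map> interface <if> overload';
        # each route-map carries 'match ip address 110' + 'match interface <if>'
        self.nat = {"Dialer0": ("fixed-nat", "203.0.113.10"),
                    "FastEthernet0": ("dhcp-nat", "198.51.100.20")}

    def active_defaults(self):
        # a tracked route is withdrawn while its SLA reachability is down
        return [i for i, t in self.defaults if self.track_up[t]]

    def choose_exit(self, src, dst):
        """Routing lookup: CEF-style per-destination hash across whichever
        equal-cost default routes are currently installed."""
        routes = self.active_defaults()
        if not routes:
            return None
        h = hashlib.sha256(f"{src}->{dst}".encode()).digest()
        return routes[h[0] % len(routes)]

    def translate(self, src, dst):
        """NAT happens after routing: the route-map whose 'match interface'
        equals the chosen exit supplies the overload address."""
        if not src.startswith("192.168.108."):   # access-list 110
            return None
        exit_if = self.choose_exit(src, dst)
        if exit_if is None:
            return None                          # no default route left
        return exit_if, self.nat[exit_if][1]

def exit_distribution(router, n=64):
    """How many of n constructed destinations are hashed to each exit."""
    counts = {}
    for i in range(n):
        r = router.translate("192.168.108.10", f"198.18.0.{i}")
        if r:
            counts[r[0]] = counts.get(r[0], 0) + 1
    return counts
```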
I've never tried this with a Cisco router but the easiest way I have deployed ISP redundancy (not load balancing) is with a PIX/ASA firewall. Config example can be found here:
Yeah the Config below is from Cisco's configuration example for NAT load balancing using OER: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml.
In the document, it actually says that this only works with equal cost routes and will not make any preference of one connection over the other one unlike what you said "measures response times and then will determine the fastest response and choose the best ISP to use for each individual IP address". If you have some added config that would do this it would be appreciated.
Anyway, I guess as I've never done this config before I really just wanted to know what part of it does the actual load balancing, as I said in my last post. It seems that the SLA tracking is just to take out one of the routes if the connection goes bad and it seems that that is what Cisco says in this document about it too. I'm guessing the load balancing NAT is just caused by the fact that there are two identical NAT statements that go to two different interfaces at this point. The route-map used in this config has the same match ACL on both sequences so I don't figure that this is what is causing the round robin NATing.
I guess I just want to know what makes this config work now that I have someone else saying this is the way that it is done? Any idea? BTW--Thanks for letting me know that this is the right way to do it as I don't know anyone else who has used this before.
Sorry Guys and Gals! I didn't realise that posting config into the thread would come out like that. Here is the config example on Cisco's site: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a00808d2b72.shtml
Thanks for the config! I was looking for load balancing rather than just redundancy but it is still cool. This config does exactly what I would do and just adds a floating static route (route with a higher metric/AD). It is interesting that this config also uses an SLA tracking object like the config I posted in this thread. I haven't really learned much about SLA yet. I guess the tracking object gives you the ability to pull the route based on reachability to other IPs (like ISP DNS) rather than just the old "when the link goes down the route gets pulled" stuff. This does sound like it would give more flexibility and redundancy. I'm going to have to use this in the future!
OER is more clever than their example. See the manual below *
Cisco IOS Optimized Edge Routing Configuration Guide
OER can be quite festive in its configuration, however, it's designed as a "more than one router" solution.
Definitely in the "S" part of "SMB" it'll be hard to manage with that. As stated in the original message, chances are that there will be a single router. If you have more than one router, just advertise multiple 0/0 routes inside your network with equal cost and other routers will load balance.
If you have one router, you're going to be relegated to nat with route-maps (unless you have your own static/public addresses that work over both circuits).
You can load share with static routes. Both customer edge routers would have a static default route, and you can redistribute them into your IGP. To optimize return traffic, each provider edge router advertises only a part of the customer's address space into the provider backbone, but also advertises the whole customer address space for backup purposes.
I am happy with having multiple static routes with the same metric within the IGP, but can you explain a little more how you can have different default routes with the same metric to achieve load balancing within the IGP? That sounds very interesting.
Your load balancing is done (presumably) on the single router with multiple paths out to the Internet.
All other routers internally don't need to care about dual paths. They need to get to that exit/gateway router only. So your IGP configuration is actually quite simple, just a default information command and away you go!
Very often we try to make things far more difficult than they really are! Analyze your connection layout and see who needs to know about the multiple choices for exiting the network and who doesn't care!